Submit #158335: Class Scheduling System v1.0 /online_class_scheduling_system/admin/save_teacher.php POST parameter Academic_Rank exists stored cross-site scripting vulnerabilityinfo

TitelClass Scheduling System v1.0 /online_class_scheduling_system/admin/save_teacher.php POST parameter Academic_Rank exists stored cross-site scripting vulnerability
BeschreibungAn issue was discovered in Class Scheduling System v1.0. There is a stored cross-site scripting vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /online_class_scheduling_system/admin/save_teacher.php POST parameter Academic_Rank. Payload: Name=1&Academic_Rank=<script>alert(document.cookie)</script>&Designation=2&Department=College+of+Education&save= Payload will trigger when a user visits on http://localhost/online_class_scheduling_system/admin/record.php.
Quelle⚠️ https://github.com/jiy2020/bugReport/blob/main/XSS.md
Benutzer
 CLJY (UID 46916)
Einreichung19.05.2023 04:35 (vor 3 Jahren)
Moderieren19.05.2023 17:30 (13 hours later)
StatusAkzeptiert
VulDB Eintrag229428 [SourceCodester Class Scheduling System 1.0 POST Parameter /admin/save_teacher.php Academic_Rank Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!